# Safeguarding reconciliation is a solvency discipline

EMI and PI safeguarding under PSD2 Article 10, EMD2 Article 7 and FCA PS25/12 is a daily solvency discipline, not a periodic compliance task. The radar maps 15 control nodes, four named enforcement cases (BlueSnap, Foxpay, Biilz, Currency Matters) and six vendors across CBI, Bank of Lithuania and FCA evidence. Corebanq is recused from ranking.

- Source: https://finray.tech/intelligence/safeguarding-reconciliation-solvency-discipline/
- Cluster: Corebanq
- Published: 2026-05-07
- Updated: 2026-05-09
- Conflict of interest: Finray Technologies Ltd ships Corebanq. Corebanq is recused from any qualitative ranking on this page.
- Publisher: Finray Technologies Ltd, Cyprus Companies Registry HE 445903
- Editorial principle: primary sources only; conflicts of interest disclosed inline

---

Safeguarding is often described as a compliance requirement. That framing is too narrow. For an electronic money institution or payment institution, safeguarding reconciliation is the daily proof that customer or payment-service-user liabilities are understood, that the protected asset position is identifiable, and that exceptions have not been allowed to become a hidden solvency gap.

PSD2 Article 10, EMD2 Article 7, the UK Payment Services Regulations 2017 and the UK Electronic Money Regulations 2011 all start from the same structural point: relevant funds are not ordinary working capital. They need a defined liability perimeter, a valid safeguarding method, segregation from other funds and records that can evidence the position. The UK post-PS25/12 regime now makes the operating cadence more explicit through CASS 10A, CASS 15, SUP 3A and SUP 16, including daily reconciliation, monthly safeguarding reporting, third-party due diligence, resolution packs and safeguarding audits. Primary sources: https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook/16232, accessed 2026-05-09; https://eur-lex.europa.eu/eli/dir/2009/110/oj/eng, accessed 2026-05-09; https://www.legislation.gov.uk/uksi/2017/752/regulation/23/data.html, accessed 2026-05-09; https://www.legislation.gov.uk/uksi/2011/99/regulation/20, accessed 2026-05-09; https://www.fca.org.uk/firms/emi-payment-institutions-safeguarding-requirements, accessed 2026-05-09.

Corebanq is built and operated by Finray Technologies Ltd, the publisher of this graph. Corebanq is recused from any qualitative ranking. Inclusion is for completeness in the buyer-guide vendor universe under the editorial methodology at /intelligence/methodology/.

## The control question is no longer monthly comfort

The weak version of safeguarding asks whether the finance team can explain the month-end balance. The supervisory version asks whether the firm can prove, without delay, what the safeguarded liability is, where the corresponding safeguarding asset sits, which flows are in settlement transit, and which exceptions need action.

That is why this radar separates the operating model into controls rather than treating safeguarding as a single policy. The graph uses account-designation, segregation, liability-scoping, daily-reconciliation, intraday-safeguarding-integrity, d-plus-1-comparison, books-and-records-at-any-time-no-delay, monthly-safeguarding-return, resolution-pack, annual-safeguarding-audit, governance-1st-2nd-line-separation, third-party-oversight, settlement-account-safeguarding-not-itself, concentration-risk-management and group-oversight as distinct nodes.

The separation matters. A firm can have a designated safeguarding account and still fail the daily reconciliation discipline. A firm can have a reconciliation process and still fail liability scoping. A firm can hold funds at a central bank settlement account and still lack a safeguarding method for funds held beyond the permitted settlement window. The EBA Q&A 2024_7165 and the Bank of Lithuania CENTROlink materials make that last point concrete: payment-system settlement access is not the same thing as a customer-fund safeguarding account. Primary sources: https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2024_7165, accessed 2026-05-09; https://www.lb.lt/en/centrolink, accessed 2026-05-09; https://www.lb.lt/uploads/documents/files/Rekomendaciju%20rastas%20MEPI%20ENG%202025.pdf, accessed 2026-05-09.

## Named enforcement since 2024 makes the pattern concrete

The radar includes named entity nodes only where a primary source ties the case to a safeguarding or related control failure. The purpose is not to build a league table of failed firms. The purpose is to prevent the buyer conversation from staying abstract.

BlueSnap Payment Services Ireland Limited is mapped to account-designation, segregation, daily-reconciliation, liability-scoping and group-oversight because the Central Bank of Ireland enforcement action and settlement notice describe failures around designated safeguarding accounts, mixed funds, awareness, oversight and reconciliation. Primary sources: https://www.centralbank.ie/news/article/the-central-bank-takes-enforcement-action-against-bluesnap-payment-services-ireland-limited-for-safeguarding-failures, accessed 2026-05-09; https://www.centralbank.ie/docs/default-source/news-and-media/legal-notices/settlement-agreements/settlement-notice-enforcement-action-against-bluesnap-payment-services-ireland-limited-%28sanctions-confirmed-by-the-high-court%29.pdf?sfvrsn=48af671a_16, accessed 2026-05-09.

UAB Foxpay is mapped to segregation, daily-reconciliation, governance-1st-2nd-line-separation and group-oversight because the Bank of Lithuania revocation notice describes safeguarding, reconciliation, separation, management-information and internal-audit failures. Primary sources: https://www.lb.lt/en/news/lietuvos-bankas-revoked-uab-foxpay-licence-due-to-serious-and-systematic-breaches, accessed 2026-05-09; https://www.lb.lt/en/news/lietuvos-bankas-restricts-foxpay-activities-and-appoints-a-temporary-representative-to-supervise-the-activities, accessed 2026-05-09.

Biilz UK Ltd is mapped to account-designation, segregation and liability-scoping because the FCA Final Notice states that the firm had not taken adequate measures to safeguard electronic money holders’ funds and that proposed safeguarding arrangements were not acceptable where the account was not in the firm’s name. Primary source: https://www.fca.org.uk/publication/final-notices/biilz-uk-ltd-2024.pdf, accessed 2026-05-09.

Currency Matters Limited is included only as a supervisory-notice example, not as a final enforcement finding. It is mapped to segregation, liability-scoping, governance and books-and-records evidence because the FCA First Supervisory Notice raised safeguarding, own-funds, governance and customer-money evidence concerns. Primary sources: https://www.fca.org.uk/publication/supervisory-notices/first-supervisory-notice-currency-matters-limited.pdf, accessed 2026-05-09; https://www.fca.org.uk/news/news-stories/currency-matters-limited-enters-special-administration, accessed 2026-05-09.

## What buyers should test in vendor due diligence

A safeguarding-aware ledger or payments-operations stack is not compliant by label. It earns relevance only if it gives compliance, finance, treasury, second line and engineering the same view of liabilities, assets and exceptions.

The practical buyer questions are direct. Can the platform produce the customer-liability population, the safeguarding requirement, the bank or safeguarded-asset comparison and the exception list from the same source of truth? Can it distinguish e-money, payment-service user funds, own funds, fees, refunds, chargebacks, returns, unallocated receipts and settlement-in-transit balances? Can it preserve evidence for the monthly safeguarding return, the annual safeguarding audit and a resolution pack without a manual reconstruction exercise? Can it show whether group treasury, third-party providers, safeguarding banks or settlement accounts are creating concentration, ownership or access risk?

Vendor claims should be read as due-diligence inputs, not as outsourcing of accountability. The graph therefore uses supports edges from vendors to controls only where official product or provider materials support the mapping. It does not use evidence-for edges for vendors unless a primary-source regulator publication names the vendor in the safeguarding context.

## How to read the radar

The regulatory-anchor layer maps PSD2 Article 10, EMD2 Article 7, the UK PSRs, the UK EMRs, FCA PS25/12 and forward-looking PSD3 and PSR materials to the controls they impose or amplify. The supervisory-standard layer adds the EBA Q&A, FCA Approach Document, FCA portfolio and review materials, Bank of Lithuania letters and Central Bank of Ireland newsletter. The forensic layer anchors the pattern to BlueSnap, Foxpay, Biilz and Currency Matters. The vendor layer turns the control map into buyer due-diligence questions for Corebanq, Mambu, Tuum, Thought Machine, Modulr and ClearBank.

This radar should be read alongside four adjacent Finray Intelligence artefacts: [/intelligence/eu-uk-pi-emi-core-banking/](/intelligence/eu-uk-pi-emi-core-banking/) for the broader core-banking buyer guide; [/intelligence/emi-pi-licensing-success/](/intelligence/emi-pi-licensing-success/) for the positive-control authorisation population; [/intelligence/emi-pi-authorisation-withdrawals/](/intelligence/emi-pi-authorisation-withdrawals/) for the withdrawal-register population and status taxonomy; and [/intelligence/dora-article-28-roi-tracker/](/intelligence/dora-article-28-roi-tracker/) for regulator-side ICT third-party monitoring.

## Editorial conclusion

The hard part of safeguarding is not writing a policy that says customer funds are protected. The hard part is building an operating model where the policy, ledger, payment flows, safeguarding accounts, third-party records, exception workflow, audit trail and governance escalation all say the same thing at the same time.

That is why reconciliation belongs in the solvency architecture. If the firm cannot prove the safeguarded liability and asset position under ordinary operating pressure, it should not assume it will be able to prove it under stress.

---

## Reference index

### Regulators (8)

- **Financial Conduct Authority** — https://www.fca.org.uk/ — UK conduct regulator for payment and e-money firms.
- **European Banking Authority** — https://www.eba.europa.eu/ — EU authority maintaining PSD2 single-rulebook interpretive material.
- **Bank of Lithuania** — https://www.lb.lt/en/ — Lithuanian competent authority with detailed EMI and PI safeguarding guidance and revocation evidence.
- **Central Bank of Ireland** — https://www.centralbank.ie/ — Irish competent authority for payment and e-money supervisory communications and enforcement.
- **HM Treasury** — https://www.gov.uk/government/organisations/hm-treasury — UK government department responsible for payment-services and electronic-money regulations.
- **European Commission** — https://commission.europa.eu/about-european-commission_en — EU institution that proposed the PSD3 and PSR reform package.
- **Council of the European Union** — https://www.consilium.europa.eu/en/council-eu/ — EU co-legislator publishing Council compromise texts for PSD3 and PSR.
- **European Parliament and Council** — https://eur-lex.europa.eu/ — EU co-legislators that adopted PSD2 and EMD2.

### Regulations (9)

- **EMD2 Article 7** — https://eur-lex.europa.eu/eli/dir/2009/110/oj/eng — EU safeguarding requirement for funds received in exchange for electronic money.
- **PSD2 Article 10** — https://www.eba.europa.eu/regulation-and-policy/single-rulebook/interactive-single-rulebook/16232 — EU safeguarding requirement for payment-service user funds.
- **UK PSRs 2017 Regulation 23** — https://www.legislation.gov.uk/uksi/2017/752/regulation/23/data.html — UK safeguarding rule for authorised payment institutions.
- **UK EMRs 2011 Regulations 20 to 22** — https://www.legislation.gov.uk/uksi/2011/99/regulation/20 — UK safeguarding rule set for electronic-money institutions.
- **FCA PS25/12 safeguarding regime** — https://www.fca.org.uk/publications/policy-statements/ps25-12-changes-safeguarding-regime-payments-and-e-money-firms — FCA final policy statement introducing CASS 10A, CASS 15, SUP 3A and SUP 16 safeguarding rules.
- **FCA CP24/20 safeguarding consultation** — https://www.fca.org.uk/publication/consultation/cp24-20.pdf — Historical FCA consultation that preceded PS25/12 final rules.
- **PSD3 proposal COM(2023) 366** — https://www.europarl.europa.eu/RegData/docs_autres_institutions/commission_europeenne/com/2023/0366/COM_COM(2023)0366_EN.pdf — European Commission proposal for a new directive on payment and e-money services.
- **PSR proposal COM(2023) 367** — https://data.consilium.europa.eu/doc/document/ST-11222-2023-INIT/en/pdf — European Commission proposal for a directly applicable EU payment-services regulation.
- **Council PSD3 position ST 8222/26** — https://data.consilium.europa.eu/doc/document/ST-8222-2026-INIT/en/pdf — Council compromise text for the PSD3 directive track.

### Standards (11)

- **EBA Q&A 2024_7165** — https://www.eba.europa.eu/single-rule-book-qa/qna/view/publicId/2024_7165 — EBA answer on whether a central-bank settlement account can itself be a safeguarding account.
- **EBA peer review on PI and EMI authorisation** — https://www.eba.europa.eu/sites/default/files/2025-12/31b327d1-09ef-4ede-a5ec-40ea833fca4d/Follow-up%20peer%20review%20report%20on%20authorisations%20under%20PSD2.pdf — EBA peer-review evidence on authorisation scrutiny, governance and internal-control divergence.
- **FCA Approach Document May 2026** — https://www.fca.org.uk/publication/finalised-guidance/payment-services-electronic-money-approach.pdf — FCA Approach Document updated for the post-PS25/12 safeguarding regime.
- **FCA payments portfolio letter 2023** — https://www.fca.org.uk/publication/correspondence/priorities-payments-firms-portfolio-letter-2023.pdf — FCA portfolio letter raising safeguarding weaknesses in the payments sector.
- **FCA payments portfolio letter 2025** — https://www.fca.org.uk/publication/correspondence/payments-portfolio-letter-2025.pdf — FCA 2025 supervisory priorities letter for payments firms.
- **FCA payments report 2026** — https://www.fca.org.uk/publication/regulatory-priorities/payments-report.pdf — FCA payments-sector report with safeguarding context for EMIs and PIs.
- **FCA risk management and wind-down multi-firm review** — https://www.fca.org.uk/publications/multi-firm-reviews/risk-management-wind-down-planning-emoney-payments-firms — FCA multi-firm review on risk management and wind-down planning in e-money and payments firms.
- **Bank of Lithuania Dear CEO letter 2022** — https://www.lb.lt/en/news/dear-ceo-letter-advice-to-fintech-institutions-on-risk-management-and-licensed-activities — Bank of Lithuania supervisory letter on fintech risk management and licensed activities.
- **Bank of Lithuania 2025 prudential letter** — https://www.lb.lt/uploads/documents/files/Rekomendaciju%20rastas%20MEPI%20ENG%202025.pdf — Bank of Lithuania 2025 recommendation letter on EMI and PI prudential requirements.
- **Bank of Lithuania CENTROlink safeguarding guidance** — https://www.lb.lt/en/centrolink — Bank of Lithuania explanation that CENTROlink does not offer customer-fund safeguarding accounts.
- **CBI Payment and E-Money Newsletter Issue 1 December 2025** — https://www.centralbank.ie/docs/default-source/regulation/industry-market-sectors/electronic-money-institutions/payment-and-e-money-newsletter---issue1---december-2025.pdf?sfvrsn=b0e6c1a_1 — Central Bank of Ireland newsletter focusing on safeguarding, governance and risk themes.

### Controls (15)

- **Account designation** — Safeguarding accounts must be identifiable as safeguarding accounts rather than ordinary operating accounts.
- **Daily reconciliation** — Daily reconciliation compares safeguarded liability records with safeguarding assets and bank or settlement evidence.
- **Intraday safeguarding integrity** — Intraday safeguarding integrity keeps liability, ledger and asset movements visible before the formal day-end comparison.
- **Segregation** — Relevant funds must be kept separate from other funds and protected from commingling.
- **Liability scoping** — The firm must know which balances are relevant funds and which are outside the safeguarding liability.
- **Books and records at any time without delay** — Books and records must let the firm identify relevant funds and safeguarding positions without operational delay.
- **D+1 comparison** — Funds still held by the end of the business day after receipt must be placed or protected through the safeguarding method.
- **Monthly Safeguarding Return** — UK firms must be able to report safeguarding information monthly under the post-PS25/12 reporting regime.
- **Resolution pack** — A resolution pack preserves the records and access information needed to return funds or support administration.
- **Annual safeguarding audit** — Safeguarding audit evidence tests whether controls operate, not only whether policy wording exists.
- **First and second line separation** — Safeguarding governance requires clear ownership, challenge and escalation between operations and control functions.
- **Third-party oversight** — Safeguarding depends on controlled relationships with banks, custodians, insurers, payment systems and outsourcing providers.
- **Settlement account not safeguarding itself** — A settlement account or payment-system balance is not automatically a compliant safeguarding method.
- **Concentration risk management** — Safeguarding design must monitor exposure to banks, asset providers, jurisdictions and operational dependencies.
- **Group oversight** — Group arrangements must not obscure customer-fund ownership, bank-account control or safeguarding responsibility.

### Vendors and products (6)

- **Finray Technologies Ltd** — https://finray.tech/company/ — Vendor of Corebanq, the Finray core banking product included under recusal.
  - Corebanq (https://finray.tech/platforms/corebanq/): Finray core banking product included under conflict-of-interest recusal.
- **Mambu** — https://mambu.com/en — Vendor of composable cloud banking and payments software.
  - Mambu Payments (https://mambu.com/en/insights/articles/mambu-payments-automates-reconciliation): Mambu payments product with public reconciliation-automation materials.
- **Tuum** — https://tuum.com/ — Vendor of a modular core banking and payments platform.
  - Tuum Core Banking Platform (https://tuum.com/modules/): Tuum modular platform covering accounts, payments and settlement integrations.
- **Thought Machine** — https://www.thoughtmachine.net/ — Vendor of Vault Core and Vault Payments.
  - Vault Core and Vault Payments (https://www.thoughtmachine.net/vault-core): Thought Machine core ledger and payments products represented as a paired operating surface.
- **Modulr** — https://www.modulrfinance.com/ — UK and EU payments infrastructure provider with published safeguarding information.
  - Modulr Payments Automation Platform (https://www.modulrfinance.com/): Modulr payments infrastructure and automation platform.
- **ClearBank** — https://clear.bank/ — UK and EU clearing, embedded banking and safeguarding-account infrastructure provider.
  - ClearBank Clearing and Embedded Banking (https://clear.bank/clearing): ClearBank clearing, account and embedded-banking infrastructure.

### Institution classes / Pre-MiCA archetypes (3)

- **Regulator-driven revocation** — Status class for cancellation or revocation by a regulator under enforcement powers.
- **Enforcement fined** — Status class for a completed enforcement action resulting in a monetary sanction.
- **Supervisory notice** — Status class for a supervisory notice or intervention that is not treated here as a final enforcement outcome.

### Jurisdictions (3)

- **Ireland** (home jurisdiction, 4 entities) — Ireland jurisdiction node for Central Bank of Ireland evidence.
- **Lithuania** (home jurisdiction, 4 entities) — Lithuania jurisdiction node for Bank of Lithuania evidence.
- **United Kingdom** (home jurisdiction, 4 entities) — UK jurisdiction node for FCA-supervised firms and UK statutory instruments.

### Licensed entities (4 total)

Status / scope / source-register URL columns are inferences from observable register fields where not directly exposed by the source register; see the editorial methodology page for the inference rules.

#### United Kingdom (4)

- **Biilz UK Ltd** — Regulator-driven revocation; scope: forensic case; https://www.fca.org.uk/publication/final-notices/biilz-uk-ltd-2024.pdf
- **BlueSnap Payment Services Ireland Limited** — Enforcement fined; scope: forensic case; https://www.centralbank.ie/news/article/the-central-bank-takes-enforcement-action-against-bluesnap-payment-services-ireland-limited-for-safeguarding-failures
- **Currency Matters Limited** — Supervisory notice; scope: forensic case; https://www.fca.org.uk/publication/supervisory-notices/first-supervisory-notice-currency-matters-limited.pdf
- **UAB Foxpay** — Regulator-driven revocation; scope: forensic case; https://www.lb.lt/en/news/lietuvos-bankas-revoked-uab-foxpay-licence-due-to-serious-and-systematic-breaches
